Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Make rename-able DKIM DNS record

Scheduled Pinned Locked Moved Feature Requests
dkimdns
7 Posts 3 Posters 410 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    wrote on last edited by girish
    #1

    As a follow up for the thread earlier, as a security measure, it would be nice to avoid Cloudron service discovery via DNS naming and hence make DKIM record renaeable (or other way to keep it unique and not service name specific).

    murgeroM 1 Reply Last reply
    2
  • murgeroM Offline
    murgeroM Offline
    murgero App Dev
    replied to potemkin_ai on last edited by murgero
    #2

    @potemkin_ai AFAIK there is no real security benefit to making it re-namable. If the cloudron is internet accessible (assuming it is since you mention dkim records) then the login page (or other app is accessible) which with a simple web browser one can tell it's a Cloudron install.

    A better security measure would be to make sure SSH is only accessible by YOU (limit IPs that can access it, Private Key Authentication, etc) and use 2fa on all apps that support it.

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

    potemkin_aiP 1 Reply Last reply
    1
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to murgero on last edited by
    #3

    @murgero nothing stops me from putting a firewall or/and web proxy in front of the instance, keeping all of the benefits, without exposure

    murgeroM 1 Reply Last reply
    0
  • robiR Offline
    robiR Offline
    robi
    wrote on last edited by
    #4

    Let's agree that making it renamable is useful for other scenarios more so than security by obscurity.

    Life of sky tech

    potemkin_aiP 1 Reply Last reply
    0
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to robi on last edited by
    #5

    @robi 👍 🙂

    1 Reply Last reply
    0
  • murgeroM Offline
    murgeroM Offline
    murgero App Dev
    replied to potemkin_ai on last edited by
    #6

    @potemkin_ai You can definitely do that - but some services need to be accessible from the outside in order to work (like web services, some email service(s), etc etc.)

    Making it renamable for the sake of security is pointless - however, if you were to rename it for other reasons or just to rename it then I don't see the issue in allowing admins to do so.

    As @robi suggested - it can be useful in other scenarios. I just don't see the difference in a publicly hosted Cloudron and one where you obscure one part of it - Unfortunately there is no way to hide the fact you are running Cloudron from a malicious actor. At least not yet.

    --
    https://urgero.org
    ~ Professional Nerd. Freelance Programmer. ~
    Matrix: @murgero:urgero.org

    potemkin_aiP 1 Reply Last reply
    0
  • potemkin_aiP Offline
    potemkin_aiP Offline
    potemkin_ai
    replied to murgero on last edited by
    #7

    @murgero I didn't say it wouldn't be accessible; it would, just through my proxies, that make sure to remove any information, that would help in disclosure.

    You also miss an option with Intranets.

    1 Reply Last reply
    0

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.